This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Error setting form-login

Jul 14th, 2011, 02:14 PM

Hi, I've just got the book I order (Packt's Spring Security 3) and can't wai to test what I'm learning.

I did the basic example the book ilustrate on chapter 2, but now I want to customize my login page. Even though it looks simple (just create a login.jsp page and configure it using <form-login>) it keeps sending a really weird error:

Comment

@Luke Taylor.
Hi. I found the reason for this error (probably, this is either configuration issue, or more realistically springframework/spring security issue).
Here is the stack trace (only the cause classes are included):

The reason for this is the following:
1. /signin URL is protected, so DefaultFilterChainValidator.checkLoginPageIsntProt ected() is failed, and
2. AffirmativeBased.decide() tries to throw the exception:

And actually if AbstractAccessDecisionManager didn't implement MessageSourceAware everything should work, because (see the attached screenshot), by unknown reason XmlWebApplicationContext is trying to rewrite the valid initialized MessageSourceAccessor (again see the screenshot) (yes, XmlWebApplicationContext implements MessageSource actually), but this behavior is weird (or do I miss something?).
4. And, of course, after this initialization messageSource is null, and the required message can't be retrieved.

This specific issue can be fixed by providing access (permitAll) to /signin (what really must be done), but this is not case, the case is how to fix this, that in the case of the error I could see the detailed message, and org.springframework.security.message would be used and not overridden.